2020 Set To Usher in a Rapid Pace of Cloud Compliance

Emil Sayegh, Ntirety President and CEO, says in the 2020s enterprises are at the convergence of two forces: The need to govern and protect data and the compelling cases for using the cloud. He shares with IDN how AI, ML and automation can improve cloud's ability to provide governance, security, and resilience.

Business operations have always faced an evolution of data and compliance challenges – but the decade of the 2020s may be different.

In the past, compliance and regulations had time to catch up with technology cycles; however, the rapid pace of cloud technology has made harnessing the issues of data privacy, data protection, and security a tenuous task. As a new decade of the cloud has begun, rapidly advancing and sprawling cloud technologies have set themselves on a collision course with the rational demands for sound data privacy practices.

In the 2020s, Data is in the Hot Seat

As we all know, companies like Facebook and Google are sitting in the proverbial hot seat as the immense scale of their data collection collides with growing privacy concerns. But it’s not just these two unicorn companies. Giant companies of all stripes, across multiple sectors, are actively defending and detailing their data privacy and collection practices.

It has never been more evident that the public and government are concerned with the power, influence, and potential for abuse that these private companies hold.

Until two years ago, data handling and related compliance requirements were like a wild west scenario – there were few rules, and that meant many companies developed their own approaches to data collection and handling. That is, until something changed.

The European Union blazed a regulatory path when it passed the General Data Protection Regulation (GDPR) in 2018. Then, California enacted a similar construct with its California Consumer Privacy Act (CCPA), which took effect on January 1, 2020. This sea change will continue in 2020 and beyond as other states are expected to follow suit with their own rules for data privacy and for consumers' protections over their personal data.

Broad in scope and dense with consumer-driven damages, these milestone regulations are the shape of a compliance future. In fact, for many enterprises, it’s a ‘future’ that has already arrived.

Enter Data Privacy Compliance

Businesses have the responsibility and burden to ensure that they maintain data privacy compliance standards, especially in fields such as healthcare, government, education, and finance. Both a blessing and a challenge to the enterprise, industry compliance is now more critical than ever.

Regulators have toughened their stance regarding the handling and protection of sensitive data such as Personally Identifiable Information (PII). Wielding massive punitive measures, agencies at the state, federal, and international level set compliance rules and reporting for industries. Healthcare, FinTech, Education, and banking are all too familiar with HIPAA, PCI, GDPR, FERPA, and the multi-million-dollar penalties that may be incurred by violations that inadvertently disclose patient data, consumer data, or student data.

The Big Convergence - Data Compliance in the Cloud

Pivotal to the data privacy conversation is the cloud — flexible, powerful, feature-filled, and growing.

One can easily see the cause for concern with potentially sensitive data “in the cloud,” especially where it is easily deployed, aggregated, and hacked. We have seen time after time that in any technology realm, reputations and careers built over decades can be lost overnight due to a lack of security governance. Not a week passes that we don’t hear of a breach or a hack in the cloud, the latest being the exposure of the behavioral data of 120 Million U.S. consumers due to a misconfigured Amazon Web Services (AWS) S3 bucket.

Such threats are enough to make unprepared IT decision-makers either freeze or make cloud adoption decisions at a glacial pace, rendering them both highly ineffective and behind the times.

In the 2020s, we are at the convergence of two titanic forces: The need to govern and protect data and the compelling cases for using the cloud.

It stands to reason that one big question on the minds of data privacy officers is whether compliance in the cloud is more complicated than in traditional IT deployments. The answer is: Yes, it is.

There are multiple layers of technology, numerous points of egress and ingress, rapid access to volumes of data, and in hybrid cloud scenarios, data can move across environments. Organizations that maintain compliance manually or use outdated tools will fall quickly behind in an IT landscape that is rapidly evolving. Combined with the potential for human error, the risks can escalate fast.

Data Privacy By Design

When information technology is liberated, good things will generally happen. It can certainly also happen with data privacy and compliance. For example, cloud automation tools such as AWS Elastic Beanstalk and Azure’s VM extensions help IT teams automatically create, modify, and tear down resources based on demands.

Automation, Artificial Intelligence (AI), and Machine Learning (ML) all add improved governance, security, and resilience to IT systems by rapidly detecting nefarious activities. Some organizations may also require advanced cross-cloud automation, leveraging popular constructs such as Puppet, Ansible, and Kubernetes.

With the right cloud automation in place, there are few data compliance requirements that can’t be answered. For those under GDPR and CCPA compliance, one common denominator is data privacy by design. Data sensitivity can now be fully classified, tracked, and acted upon through monitoring, logging, access protection, and automation.

Once correctly enabled, companies can now efficiently uncover issues such as unprotected Personally Identifiable Information (PII), insecure file access configurations, privileged account issues, and many other points of contention found under compliance requirements.

Future-Proofing

We can count on the fact that security threats are always changing. Hackers have specialized in uncovering and attacking new vulnerability points very quickly; they are no longer lone rangers but are now powered by nation-state sponsors. The good news is that many services can help perform and maintain compliance.

Strategic cloud services providers offer compliant cloud solutions, including virtual private clouds on public, dedicated, and hybrid resources. They also provide management and insights on reliable cloud application services that go beyond general service SLAs. The expert management and knowledge available through strategic partnerships for compliance efforts are the foundation of one of the most important relationships between cloud services vendors and compliance-sensitive enterprises.

If your organization is facing new or escalated compliance initiatives in 2020 and beyond, do not hesitate to find a trusted partner that can guide you with the proper counsel and services you need to future-proof your compliance and security posture.

Emil Sayegh is the President and CEO of Ntirety, a leading managed hybrid cloud services provider. Emil is recognized as one of the industry’s cloud visionaries and "fathers of OpenStack," having launched and led successful cloud computing and hosting businesses for HP and Rackspace. In addition to his expertise in cloud businesses, Emil also holds nine patents.